Quassel, when used with certain versions of Qt and PostgreSQL, does
not sanitize user input (CVE-2013-4422).

Impact

A remote attacker could send multiple CTCP requests in single private
message, possibly resulting in a Denial of Service condition. Futhermore,
a remote attacker may be able to execute arbitrary SQL statements.